I'm using Oracle Internet Directory (OID) for authentication and authorization of the users of my J2EE applications. However, I am having some difficulty with authentication when I need to make an RMI call between two applications in different OC4J instances. I configured a properties file ('jndi.properties') in a "client application" to make an RMI call to a SessionBean of a "server application".

<!-- jndi.properties -->
java.naming.factory.initial=com.evermind.server.rmi.RMIInitialContextFactory
java.naming.provider.url=ormi://server/app
java.naming.security.principal=<user>
java.naming.security.credentials=<password>
dedicated.connection=true
<!-- end -->

When the "server application" authenticates against an XML file (jazn-data.xml or principals.xml), this communication (authentication) works, and the "client application" is able to retrieve the information from the OID through the "server application". But when I configure the "server application" to authenticate against the OID (changing the orion-application.xml to 'jazn provider=ldap'), I receive the following error: "error Lookup: javax.naming.AuthenticationException: Invalid username/password".

<!-- orion-application.xml -->
...
<jazn provider="LDAP" location="ldap://<server>:<porta>" default-realm="jazn.com">
  <jazn-web-app auth-method="SSO"/>
</jazn>
...
<!-- end -->

I believe the problem is still around the permission that I need to grant to the user in the OID, reflecting the following jazn-policy:

<!-- jazn-data.xml -->
...
<jazn-policy>
  <grant>
    <grantee>
      <principals>
        <principal>
          <realm-name>jazn.com</realm-name>
          <type>user</type>
          <class>oracle.security.jazn.spi.xml.XMLRealmRole</class>
          <name>jazn.com/myUser</name>
        </principal>
      </principals>
    </grantee>
    <permissions>
      <permission>
        <class>com.evermind.server.rmi.RMIPermission</class>
        <name>login</name>
      </permission>
    </permissions>
  </grant>
</jazn-policy>
...

Observe that the user/password specified in the properties file (jndi.properties) exists in the OID and that this problem ONLY happens when I need to make RMI communication between two applications. Can anybody help me? Mauricio Silva.
I don't see how this problem has anything to do with RMI.
Make visible what, without you, might perhaps never have been seen. - Robert Bresson
Mauricio Silva
Greenhorn
Joined: May 14, 2002
Posts: 11
The problem ONLY occurs with RMI communication. Did you learn?
Raja Ramesh Kumar
Greenhorn
Joined: Aug 22, 2002
Posts: 6
We are also facing the same problem. Can anybody provide the solution to this?
Thanks in advance
regards, Raja Ramesh Kumar M
Patrick Sculley
Greenhorn
Joined: May 31, 2005
Posts: 4
The problem is that RMI cannot authenticate against form or SSO based authentication mechanisms (the same holds true for SOAP). What you need is basic HTTP authentication using LDAP. Oracle says that this is not supported in this release (10.1.2) of JAZN/iAS; however, I don't see why someone couldn't develop a custom authentication module similar to a Third Party Authentication Module (TPAM).
Patrick Sculley
Greenhorn
Joined: May 31, 2005
Posts: 4
When you deploy your web app to OC4J, the working copy of orion-application.xml under (.../application-deployments) is updated with <jazn-web-app auth-method="SSO"/>. The unsupported method for accomplishing this is to remove this line from the deployed orion-application.xml. This will enable JAZN-LDAP to operate with BASIC HTTP Authentication. As stated above, this type of authentication is required for SOAP, Web Services, RMI.
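Added example (not part of any post in this thread, and not Oracle code): a small check that reads an orion-application.xml and reports whether the LDAP provider is combined with auth-method="SSO", the combination the answer above identifies as the cause of the failed RMI login. The sample documents, the host and port, and the names check_jazn and check_file are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed samples modelled on the snippet in the first post; the host and
# port are placeholders, not values from the thread.
SAMPLE_LDAP_SSO = """<orion-application>
  <jazn provider="LDAP" location="ldap://oid.example.test:389" default-realm="jazn.com">
    <jazn-web-app auth-method="SSO"/>
  </jazn>
</orion-application>"""

SAMPLE_XML_PROVIDER = """<orion-application>
  <jazn provider="XML" location="./jazn-data.xml"/>
</orion-application>"""


def check_jazn(xml_text):
    """Summarise each <jazn> element and flag the LDAP + SSO combination."""
    root = ET.fromstring(xml_text)
    results = []
    for jazn in root.iter("jazn"):
        provider = (jazn.get("provider") or "").upper()
        methods = [(w.get("auth-method") or "").upper()
                   for w in jazn.iter("jazn-web-app")]
        results.append({
            "provider": provider,
            "location": jazn.get("location"),
            "auth_methods": methods,
            # Assumption taken from the answer above: with the LDAP provider,
            # auth-method="SSO" is what makes the ORMI/JNDI login fail.
            "sso_blocks_rmi": provider == "LDAP" and "SSO" in methods,
        })
    return results


def check_file(path):
    """Run the same check on a deployed orion-application.xml on disk."""
    with open(path, "rb") as fh:
        return check_jazn(fh.read())


if __name__ == "__main__":
    for sample in (SAMPLE_LDAP_SSO, SAMPLE_XML_PROVIDER):
        for result in check_jazn(sample):
            print(result)
```

Point check_file at the working copy under application-deployments rather than the packaged file, since the answer above says the SSO line is added at deployment time.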
Marilyn de Queiroz
Sheriff
Joined: Jul 22, 2000
Posts: 9033
This issue is specific to Oracle. I'm moving the thread to the "Oracle/OAS" forum. Here. [ June 05, 2005: Message edited by: Marilyn de Queiroz ]
JavaBeginnersFaq "Yesterday is history, tomorrow is a mystery, and today is a gift; that's why they call it the present." Eleanor Roosevelt